How to recover the password and enablepass

Unanswered Question
Oct 10th, 2007


I can log on to the 4006 sw using tacacs but can't change the passwords as the are shown as encrypted. I used the encrypted as a old password but is not taking. I forgot the old password. CiscoWorks is not configured to use SNMP.

How can I get the old password to change it?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
theobagm Wed, 10/10/2007 - 13:46

I do not believe that either the password and the enable password are ever stored unencrypted on a CatOS system. Under IOS 'no service password-encryption' will show all passwords in clear text except the enable secret. If you can access the physical console port and can tolerate the down time of a power cycle followed by a recovery process try this

Otherwise I know of NO way to get the unencrypted password once it has been forgotten.

glen.grant Wed, 10/10/2007 - 14:57

Unless you have a snmp wizard who knows snmp inside and out there is no other way . The one way that might work if you have another 4006 that you know the password I "think" you can copy that encrypted string into a file on a tftp server then config net that file then change the password the normal way . I believe I changed it that way once a long time ago .

Kevin Dorrell Wed, 10/10/2007 - 17:36

But you would need the enable secret in order to to the TFTP, wouldn't you?

Ordinary "encrypted" passwords are too easy to crack if you know the encrypted version - there are tools all over the Internet to do so. Level '5', on the other hand, are much more secure - I don't know any tool that will do it.

Kevin Dorrell



This Discussion